Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bf93cc85-799d-4e5e-bad8-2c93a71966bd.roa
File:                     bf93cc85-799d-4e5e-bad8-2c93a71966bd.roa (raw, json)
Hash identifier:          OcbBTbP/y1FhuJa6gbra6uaxs1KJVOnxSPt3ALtg8+8=
Subject key identifier:   D4:6D:83:D7:46:6E:9C:94:08:55:B1:64:D1:AD:AC:54:D1:D1:0F:C3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       44E5496B63704A0785C4A1E29E96E460FA55C7D1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bf93cc85-799d-4e5e-bad8-2c93a71966bd.roa
Signing time:             Sat 18 Oct 2025 10:12:23 +0000
ROA not before:           Sat 18 Oct 2025 10:12:23 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.244.220.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 23 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:e5:49:6b:63:70:4a:07:85:c4:a1:e2:9e:96:e4:60:fa:55:c7:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 10:12:23 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=6984c149b0f4f1d91f38d0203422ee57c3484f0701c3c673251aac1fdbc364d2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:51:f1:c7:cc:35:02:8f:c2:23:da:c3:0b:bf:
                    6a:85:84:4c:30:f9:e8:58:47:6c:0e:c0:5f:38:8a:
                    ea:4b:25:20:a1:8a:f1:79:e5:da:71:f4:ab:b7:e9:
                    90:34:85:1c:91:92:d1:fb:25:bf:a3:1c:d5:87:12:
                    77:26:85:b6:90:b9:94:86:fa:b0:39:30:b2:af:bc:
                    fb:af:4f:91:84:5a:ae:ee:20:40:2b:7a:09:53:41:
                    18:ba:7b:8f:bc:0f:c0:b7:ff:d5:37:84:7d:b9:2f:
                    5f:94:6e:ab:2c:2a:07:5a:23:16:ed:d1:53:45:20:
                    42:64:61:91:a4:43:c4:24:55:4c:bd:c8:c9:8e:4c:
                    1e:ab:f7:45:30:5f:43:63:31:d3:ea:0d:ab:c7:f0:
                    6e:1b:1d:01:9d:cc:29:43:89:c6:f9:26:38:28:79:
                    08:9e:47:21:1a:f1:92:57:4f:2a:f2:75:0f:47:05:
                    12:bb:fd:eb:cf:4b:e2:8b:74:6e:cf:c1:53:f2:94:
                    0d:2f:70:7c:89:ff:1a:39:d9:36:94:f9:c1:38:3c:
                    23:f9:66:89:5b:f8:b5:3c:f3:e8:f4:07:db:d4:fb:
                    f2:4b:41:63:fd:9e:15:83:70:f7:18:ee:7c:4a:1e:
                    f7:99:0f:99:58:d1:9e:49:ec:65:8a:e5:19:0b:87:
                    a2:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:6D:83:D7:46:6E:9C:94:08:55:B1:64:D1:AD:AC:54:D1:D1:0F:C3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bf93cc85-799d-4e5e-bad8-2c93a71966bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.244.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:a3:65:6d:72:90:12:88:b4:a2:4b:e6:a8:82:3f:74:17:d5:
         07:ca:de:17:b3:34:b4:ad:4e:66:01:df:98:c4:77:2f:63:bc:
         a2:52:ee:f9:ef:2d:df:b3:be:c2:6b:c6:02:37:8f:03:8b:7f:
         cd:67:ee:6e:8b:22:e3:fc:83:d5:d1:18:55:a1:81:4c:96:e8:
         8b:3e:a9:7c:2f:cb:a8:fe:71:da:25:30:6d:c9:e3:db:d2:f5:
         d7:f5:4f:c4:57:fa:33:1f:27:3a:ed:f7:25:67:7c:e5:e3:cf:
         27:1f:79:58:c3:ef:48:86:c8:d4:bf:4e:33:44:5d:e1:23:be:
         73:05:48:a1:8b:75:f5:d2:a4:8e:3f:a7:24:fd:a1:c1:3c:21:
         a2:de:d9:b0:92:60:d6:53:0e:25:ec:8c:22:6e:79:25:06:03:
         91:96:70:c1:a1:8b:d1:16:ad:4a:fc:ae:9e:8b:f0:63:86:64:
         a5:96:1e:9b:a3:44:d1:99:34:53:59:a2:29:c3:18:90:2b:79:
         bf:12:74:77:95:da:a6:47:4f:f4:ea:1b:be:b3:e2:f0:13:5f:
         b3:4d:2e:97:51:23:f7:52:e5:6e:f7:86:17:a8:e9:4c:93:8b:
         0d:80:e4:c0:7c:0a:e4:cb:0f:2b:30:c2:e3:28:be:8d:0d:5a:
         ff:0c:b6:52
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUROVJa2NwSgeFxKHinpbkYPpVx9EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTAxMjIzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTg0YzE0OWIwZjRmMWQ5MWYzOGQwMjAzNDIyZWU1N2Mz
NDg0ZjA3MDFjM2M2NzMyNTFhYWMxZmRiYzM2NGQyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtUfHHzDUCj8Ij2sMLv2qFhEww+ehYR2wOwF84iupLJSCh
ivF55dpx9Ku36ZA0hRyRktH7Jb+jHNWHEncmhbaQuZSG+rA5MLKvvPuvT5GEWq7u
IEAreglTQRi6e4+8D8C3/9U3hH25L1+UbqssKgdaIxbt0VNFIEJkYZGkQ8QkVUy9
yMmOTB6r90UwX0NjMdPqDavH8G4bHQGdzClDicb5JjgoeQieRyEa8ZJXTyrydQ9H
BRK7/evPS+KLdG7PwVPylA0vcHyJ/xo52TaU+cE4PCP5Zolb+LU88+j0B9vU+/JL
QWP9nhWDcPcY7nxKHveZD5lY0Z5J7GWK5RkLh6LnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1G2D10ZunJQIVbFk0a2sVNHRD8MwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JmOTNjYzg1LTc5OWQtNGU1ZS1iYWQ4LTJjOTNhNzE5NjZiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAES9NwwDQYJKoZIhvcNAQELBQADggEBAIijZW1ykBKItKJL5qiCP3QX1QfK
3hezNLStTmYB35jEdy9jvKJS7vnvLd+zvsJrxgI3jwOLf81n7m6LIuP8g9XRGFWh
gUyW6Is+qXwvy6j+cdolMG3J49vS9df1T8RX+jMfJzrt9yVnfOXjzycfeVjD70iG
yNS/TjNEXeEjvnMFSKGLdfXSpI4/pyT9ocE8IaLe2bCSYNZTDiXsjCJueSUGA5GW
cMGhi9EWrUr8rp6L8GOGZKWWHpujRNGZNFNZoinDGJAreb8SdHeV2qZHT/TqG76z
4vATX7NNLpdRI/dS5W73hheo6UyTiw2A5MB8CuTLDyswwuMovo0NWv8MtlI=
-----END CERTIFICATE-----